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METHOD AND SYSTEM IN A TELEPHONE SWITCHING SYSTEM 



□ 



FIELD OP THE INVENTION 

The present invention relates to a method and 
5 system for modifying access right profiles in the op- 
erating system of a computer system, especially a 
telephone switching system. 

BACKGROUND OF THE INVENTION 
10 One of the most important components in a 

telephone network, e.g. the public switched telephone 
network (PSTN) , is the switching center. An example of 
_ such switching centers is the DX200 manufactured by 

O Nokia. Telephone switching .centers can be intercon- 

5 15 nected via trunk cables. Thus they form a system de- 
Cj" signed to allow the provision of various services to 

the clients - 

For a telephone switching system to work 
N" properly, it has to be managed. The interface used for 

^ 2 0 the management of a telephone switching system is of- 
K ten called a Man Machine Interface (MMI) . Through the 

Q management interface, it is possible to control the 

operation of the telephone switching system and to 
make changes in the operation control as required. 
25 In the DX 200 telephone switching system and 

the associated management interface (MMI), the user's 
authority and rights are determined on the basis of a 
user identifier (User ID) . The MMI system is a certain 
assembly of software and peripherals, which can be 
30 used to execute management control functions. Based on 
his/her authority and rights, the user may give con- 
trol commands to the various computer units in the 
telephone switching system. 

For each user identifier, an individual pass- 
35 word has been defined to permit user authentication. 
In some MMI systems, and in computer systems in gen- 
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eral, it is possible to create access right profiles 
applying to users and/or terminals. The access right 
profile specifies e.g. which MML (Man Machine Lan- 
guage) command language commands the user is author - 
5 ized to execute. When the user gives a command, the 
system checks whether the access right profile is 
authorized to execute that command. A given user iden- 
tifier is associated with certain access rights, and 
so is a given access right profile. 

10 An access right profile pertaining to a given 

set of terminals defines the circumstance that ses- 
sions relating to the management of the computer sys- 
tem or telephone switching system can only be acti- 
vated from a given terminal on certain conditions. 

15 A problem with the above-mentioned access 

right definition is that rights once defined remain 
valid until they are modified again. In practice, the 
modification is carried out e.g. manually by the op- 
erator. In other words, the access rights or access 

2 0 right profiles are at present in no way dependent on 
the prevailing conditions, e.g. the time of the day or 
the utilization rate of the system. 

The object of the present invention is to 
eliminate the drawbacks referred to above or at least 

25 to significantly alleviate them. 

A specific object of the invention is to dis- 
close a new type of method and system whereby access 
right profiles can be modified dynamically in a tele- 
phone switching system. 

30 As for the features characteristic of the 

present invention, reference is made to the claims. 

BRIEF DESCRIPTION OF THE INVENTION 

The method of the invention concerns dynamic 
35 modification of access right profiles in a computer 
system, especially a telephone switching system- 
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According to the invention, in the telephone 
switching system, access right profiles having indi- 
vidual command rights to the operating system of the 
telephone switching system are defined. 

In the method of the present invention, the 
need for modifying the access right profiles in the 
computer system or telephone switching system is rec- 
ognized. In this context, recognizing means e.g. that 
an event implying a change in the access right pro- 
files takes place. The information contained in the 
access right profiles is read to establish which ones 
of the access right profiles need to be changed. Trig- 
gered by a given event, the need for modifying the ac- 
"cess right profiles does notTliecessarily apply to all 



10 



15 



_ the access right profiles defined in the computer sys- 

p tern or telephone switching system. After it has been 

*g established which access right profiles have to be 

^ modified, they are changed dynamically as required in 

SI • , \_ • 

g-z. ■ view of the need for change that has arasen. 

H. 20 The information relating to the access right 

P profile includes data defining e.g. command class- 

m specific powers, validity period of the password, 

^ level of access to the MML command log and type of the 

^ access right profile in question. Type means that the 

25 access right profile may comprise one or more users or 
terminals. Further, the profile information may con- 
tain data indicating whether remote sessions are al- 
lowed. A need for changing the access right profiles 
may be triggered e.g. by the time of the day, the 
30 utilization rate of the telephone switching system, or 
a given alarm situation. Further, it is possible to 
modify the access right profiles as a function of ses- 
sion duration and/or operation commands used and/or 
number of sessions held. Changes in the access right 
35 profiles can also be made even if a session consistent 
with a given access right profile should be active. 
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The rights associated with an access right 
profile may be defined e.g. so that the rights are 
less extensive at night time than at day time. This 
may be desirable e.g. when supervision in the working 
5 premises is scant and the number of people at work is 
smaller than at day time. The access right profiles 
can also be changed as a function of the utilization 
rate of the telephone switching system. If the utili- 
zation rate of the telephone switching center exceeds 
10 a certain limit, then it may be necessary to modify 
the rights included in the access right profiles so 
that only commands of the most important nature can be 
• executed. Similarly, when the telephone network is 
1=1: heavily loaded, it may be necessary to limit the num- 

y 15 ber of remote sessions. Changes made in the access 
p right profiles may also relate to functionality. An 

example of this is a situation where the execution of 
^ a given function is not ' allowed if a certain condition 

M prevails in the telephone switching system. 

20 The system of the present invention comprises 

u, means for recognizing a need for modification of the 

^ access right profiles in a computer system or tele- 

p phone switching system and means for reading the an- 

F± formation contained in the access right profiles. Fur- 

25 thermore, the system comprises means for establishing 
which ones of the access right profiles have to be 
modified and means for changing the access right pro- 
files dynamically as necessary in view of the need for 
modification that has been recognized. 
30 The system of the present invention comprises 

means for modifying the access right profiles as a 
function of time and means for modifying the access 
right profiles as a function of the utilization rate 
of the telephone switching system. 
35 The system further comprises means for modi- 

fying the access right profiles when a predetermined 
alarm situation arises in the telephone switching sys- 
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tern and means for modifying the access right profiles 
as a function of session duration and/or operation 
commands used and/or number of sessions held. 

The present invention enables the access 
right profiles associated with a computer or telephone 
switching system to be modified dynamically on the ba- 
sis of pre-defined conditions. Thus, the access right 
profiles in the telephone switching system are adapted 
to the prevailing circumstances. 



10 



LIST OF ILIiUSTRATIONS 

In the following, the invention will be de- 
scribed in detail by the aid of a few examples of its 
embodiments , wherein : 
15 Fig. 1 illustrates a preferred system accord- 

""J ing to the invention, 

^ Fig. 2 presents a preferred functional block 

Sj diagram according to the invention. 

2 

Li, 20 DETAILED DESCRIPTION OF THE INVENTION 



a 



Ml 

J The system presented in Fig. 1 comprises 

O telephone switching center 11 and a workstation 12 

^ linked to it. From the workstation 12, users can con- 

trol the operation of the telephone switching center 
25 11. The telephone switching center 11 comprises a com- 
munication bus 14 with a service block (SEB) 13 con- 
nected to it. The function of the communication bus 14 
is to serve as an internal data transfer route within 
the telephone switching center 11. 
30 The function of the service block (SEB) 13 is 

to serve as a controller of the functions relating to 
access right profiles. One of the functions of the 
service block 13 is to create new access right pro- 
files and to change or delete existing ones as neces- 
35 sary. An essential part of the activity of the service 
block 13 is to function as a kind of distributor of 
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access rights. If the command rights of the access 
right profiles need to be changed, the service block 
13 is responsible for carrying out the changes. 

The service block 13 comprises an MMI manage- 
ment block 15, which serves as a program module con- 
trolling the functions. These include e.g. the trans- 
mission of information between the workstation 12 and 
the central.' system. The service block 13 additionally 
comprises a profile management block 16, a user man- 
agement block 17, a profiles file 18 and a passwords 
file 19. 

The user interface is implemented by the pro- 
file management block 16, by means of which the user 
identifiers and access right profiles are managed. The 
15 profiles file 18 contains information regarding exist- 
ing profiles in the telephone switching system while 
the passwords file 19 contains passwords associated 
with existing user identifiers. The profiles file con- 
tains authority data fields for different profiles. 
20 The authority data are checked in conjunction with 
each MML command. The functions of the user management 
block 17 relate to the treatment of passwords and user 
identifiers and related matters. 

The user management block 17 comprises means 
25 1 for recognizing a need for modification of the ac- 
cess right profiles in the telephone switching system. 
Using means 2, the information contained in the access 
right profiles is read. Moreover, the user management 
block 17 contains means 3 for establishing which ones 
of the access right profiles need to be modified. 

The profile management block 16 comprises 
means 4 for dynamically changing the access right pro- 
files in a manner corresponding to the need for modi- 
fication that has arisen in the telephone switching 
system. Using means 5, an access right profile com- 
prising one or more user identifiers is defined in the 
telephone switching system. Means 6 serve to define in 
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the telephone switching system an access right profile 
comprising one or more terminals. The profile manage- 
ment block 16 additionally comprises means 7 for modi- 
fying the access right profiles as a function of time. 
5 Means 8 are used to modify the access right profiles 
as a function of the utilization rate of the telephone 
switching system. Means 9 serve to modify the access 
right profiles for the telephone switching system when 
a predetermined alarm situation arises in the tele- 
10 phone switching system. The profile management block 
16 additionally comprises means 10 for modifying the 
access right profiles in the telephone switching sys- 
tem as a function of session duration and/or operation 
_ commands used and/or number of sessions held. 

□ 15 Means 1-10 are preferably implemented as 

O 

\i program modules using a computer. 

In an embodiment as illustrated in Fig. 1. 
^ changes in the access right profile are boimd to the 

time of the day. In this example, the authority of the 
^ 20 access right profile is dropped to a lower level for 

night time. The operator defines the start and end 
times for "day" and "night". This information is spe- 
cific to the profile, so it can be defined separately 
for each profile. The profiles file contains authority 
25 data fields for both "night" and "day" profiles. The 
authority data are checked in conjunction with each 
MMIi command. The current time is compared with the 
time limits for the profile and, based on this com- 
parison, a decision regarding the access rights is 
3 0 made . 

In an embodiment as illustrated in Fig. 1, 
the access right profiles are modified as a function 
of the utilization rate of the telephone switching 
system. If the utilization rate of the telephone 
35 switching system exceeds a given limit, then it may be 
necessary to modify the rights associated with certain 
access right profiles so that only commands of the 
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most important nature can be executed. Similarly, when 
the telephone network is heavily loaded, it may be 
necessary to limit the number of remote sessions. The 
rights of access the right profiles regarding the op- 
5 erating system of the telephone . switching system may 
further be affected by a predetermined alarm situa- 
tion. 

In an embodiment as illustration in Fig. 1, 
the access right profiles are modified as a function 

10 of session duration, operation commands used or e.g. 
the number of sessions held. Stored in the access 
right profile data is a limit value which preferably 
applies to one of the above-mentioned parameters. In 
addition, the limit value may be a combination of 

15 these parameters. When the limit is exceeded, the ac- 
cess right profile is changed in a predetermined man- 
ner. An access right profile may be denied command 
rights to the operating system of the telephone 
switching system. The rights may also be so modified 

2 0 that only certain commands are available. As an exam- 

ple, let us consider a case where an access right pro- 
file is entitled to ten times of log-on into the oper- 
ating system of the telephone switching system. After 
this number of log-on times has been used up, it will 
25 no longer be possible to log on into the operating 
system of the telephone switching system with the user 
identifiers comprised in the access right profile. 

Fig. 2 illustrates the operation of the pres- 
ent invention in the form of a flow diagram presented 

3 0 as an example. As stated in block 2 0, access right 

profiles are defined in the telephone switching sys- 
tem. In this context, "profile" means that a given 
group of users or terminals has similar properties. In 
the telephone switching system, a situation occurs 
35 that may affect the existing access right profiles, 
block 21. According to block 22, the situation is ana- 
lyzed in the telephone switching system and a decision 
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is made as to whether the situation has an effect 
the above-mentioned access right profiles. If the 
situation does affect the access right profiles, then 
the procedure will go on to block 23, according to 
5 which the information contained in the access right 
profiles is read. The next task is to establish which 
ones of the- access right profiles have to be modified, 
block 24. Once the access right profiles to be modi- 
fied have been determined, they, are modified as neces- 
10 sary in view of the situation, block 25. In practice, 
the changes apply e.g. to a case where a limitation is 
set on the command rights associated with certain ac- 
cess right profiles regarding the operating system of 
5 the telephone switching system. If the situation en- 

O 15 countered does not require any modification of the ac- 

g cess right profiles, then the procedure will go on to 

block 26. 

^ The invention is not restricted to the exam- 

pies of its embodiments described above; instead, many 
20 variations are possible within the scope of the inven- 
P tive idea defined in the claims. 

O 



